PlzNavigate: Move navigation-level mixed content checks to the browser.

third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 25 matching lines @@
 #include "core/inspector/ConsoleMessage.h"
 #include "core/loader/DocumentLoader.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/network/NetworkUtils.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/WebAddressSpace.h"
 #include "public/platform/WebInsecureRequestPolicy.h"
+#include "public/platform/WebMixedContent.h"
+#include "public/platform/WebMixedContentContextType.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 namespace {
 
 // When a frame is local, use its full URL to represent the main resource. When
 // the frame is remote, the full URL isn't accessible, so use the origin. This
 // function is used, for example, to determine the URL to show in console
 // messages about mixed content.
 KURL mainResourceUrlForFrame(Frame* frame) {
   if (frame->isRemoteFrame()) {
     return KURL(KURL(),
                 frame->securityContext()->getSecurityOrigin()->toString());
   }
   return toLocalFrame(frame)->document()->url();
 }
 
+const char* requestContextName(WebURLRequest::RequestContext context) {
+  switch (context) {
+    case WebURLRequest::RequestContextAudio:
+      return "audio file";
+    case WebURLRequest::RequestContextBeacon:
+      return "Beacon endpoint";
+    case WebURLRequest::RequestContextCSPReport:
+      return "Content Security Policy reporting endpoint";
+    case WebURLRequest::RequestContextDownload:
+      return "download";
+    case WebURLRequest::RequestContextEmbed:
+      return "plugin resource";
+    case WebURLRequest::RequestContextEventSource:
+      return "EventSource endpoint";
+    case WebURLRequest::RequestContextFavicon:
+      return "favicon";
+    case WebURLRequest::RequestContextFetch:
+      return "resource";
+    case WebURLRequest::RequestContextFont:
+      return "font";
+    case WebURLRequest::RequestContextForm:
+      return "form action";
+    case WebURLRequest::RequestContextFrame:
+      return "frame";
+    case WebURLRequest::RequestContextHyperlink:
+      return "resource";
+    case WebURLRequest::RequestContextIframe:
+      return "frame";
+    case WebURLRequest::RequestContextImage:
+      return "image";
+    case WebURLRequest::RequestContextImageSet:
+      return "image";
+    case WebURLRequest::RequestContextImport:
+      return "HTML Import";
+    case WebURLRequest::RequestContextInternal:
+      return "resource";
+    case WebURLRequest::RequestContextLocation:
+      return "resource";
+    case WebURLRequest::RequestContextManifest:
+      return "manifest";
+    case WebURLRequest::RequestContextObject:
+      return "plugin resource";
+    case WebURLRequest::RequestContextPing:
+      return "hyperlink auditing endpoint";
+    case WebURLRequest::RequestContextPlugin:
+      return "plugin data";
+    case WebURLRequest::RequestContextPrefetch:
+      return "prefetch resource";
+    case WebURLRequest::RequestContextScript:
+      return "script";
+    case WebURLRequest::RequestContextServiceWorker:
+      return "Service Worker script";
+    case WebURLRequest::RequestContextSharedWorker:
+      return "Shared Worker script";
+    case WebURLRequest::RequestContextStyle:
+      return "stylesheet";
+    case WebURLRequest::RequestContextSubresource:
+      return "resource";
+    case WebURLRequest::RequestContextTrack:
+      return "Text Track";
+    case WebURLRequest::RequestContextUnspecified:
+      return "resource";
+    case WebURLRequest::RequestContextVideo:
+      return "video";
+    case WebURLRequest::RequestContextWorker:
+      return "Worker script";
+    case WebURLRequest::RequestContextXMLHttpRequest:
+      return "XMLHttpRequest endpoint";
+    case WebURLRequest::RequestContextXSLT:
+      return "XSLT";
+  }
+  NOTREACHED();
+  return "resource";
+}
+
 }  // namespace
 
 static void measureStricterVersionOfIsMixedContent(Frame* frame,
                                                    const KURL& url) {
   // We're currently only checking for mixed content in `https://*` contexts.
   // What about other "secure" contexts the SchemeRegistry knows about? We'll
   // use this method to measure the occurance of non-webby mixed content to make
   // sure we're not breaking the world without realizing it.
   SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin();
   if (MixedContentChecker::isMixedContent(origin, url)) {
@@ skipping 69 matching lines @@
 void MixedContentChecker::logToConsoleAboutFetch(
     LocalFrame* frame,
     const KURL& mainResourceUrl,
     const KURL& url,
     WebURLRequest::RequestContext requestContext,
     bool allowed) {
   String message = String::format(
       "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an "
       "insecure %s '%s'. %s",
       mainResourceUrl.elidedString().utf8().data(),
-      WebMixedContent::requestContextName(requestContext),
-      url.elidedString().utf8().data(),
+      requestContextName(requestContext), url.elidedString().utf8().data(),
       allowed ? "This content should also be served over HTTPS."
               : "This request has been blocked; the content must be served "
                 "over HTTPS.");
   MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
   frame->document()->addConsoleMessage(
       ConsoleMessage::create(SecurityMessageSource, messageLevel, message));
 }
 
 // static
 void MixedContentChecker::count(Frame* frame,
                                 WebURLRequest::RequestContext requestContext) {
   UseCounter::count(frame, UseCounter::MixedContentPresent);
 
   // Roll blockable content up into a single counter, count unblocked types
   // individually so we can determine when they can be safely moved to the
   // blockable category:
-  WebMixedContent::ContextType contextType =
+  WebMixedContentContextType contextType =
       WebMixedContent::contextTypeFromRequestContext(
           requestContext,
           frame->settings()->getStrictMixedContentCheckingForPlugin());
-  if (contextType == WebMixedContent::ContextType::Blockable) {
+  if (contextType == WebMixedContentContextType::Blockable) {
     UseCounter::count(frame, UseCounter::MixedContentBlockable);
     return;
   }
 
   UseCounter::Feature feature;
   switch (requestContext) {
     case WebURLRequest::RequestContextAudio:
       feature = UseCounter::MixedContentAudio;
       break;
     case WebURLRequest::RequestContextDownload:
@@ skipping 26 matching lines @@
 }
 
 // static
 bool MixedContentChecker::shouldBlockFetch(
     LocalFrame* frame,
     WebURLRequest::RequestContext requestContext,
     WebURLRequest::FrameType frameType,
     ResourceRequest::RedirectStatus redirectStatus,
     const KURL& url,
     MixedContentChecker::ReportingStatus reportingStatus) {
+  // Frame-level loads are checked by the browser. No need to check them again
+  // here.
+  if (frame->settings()->getBrowserSideNavigationEnabled() &&
+      frameType != WebURLRequest::FrameTypeNone) {
+    return false;
+  }
+
   Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);
   Frame* mixedFrame =
       inWhichFrameIsContentMixed(effectiveFrame, frameType, url);
   if (!mixedFrame)
     return false;
 
   MixedContentChecker::count(mixedFrame, requestContext);
   if (ContentSecurityPolicy* policy =
           frame->securityContext()->contentSecurityPolicy())
     policy->reportMixedContent(url, redirectStatus);
 
   Settings* settings = mixedFrame->settings();
   // Use the current local frame's client; the embedder doesn't distinguish
   // mixed content signals from different frames on the same page.
   FrameLoaderClient* client = frame->loader().client();
   SecurityOrigin* securityOrigin =
       mixedFrame->securityContext()->getSecurityOrigin();
   bool allowed = false;
 
   // If we're in strict mode, we'll automagically fail everything, and
   // intentionally skip the client checks in order to prevent degrading the
   // site's security UI.
   bool strictMode = mixedFrame->securityContext()->getInsecureRequestPolicy() &
                         kBlockAllMixedContent ||
                     settings->getStrictMixedContentChecking();
 
-  WebMixedContent::ContextType contextType =
+  WebMixedContentContextType contextType =
       WebMixedContent::contextTypeFromRequestContext(
           requestContext, settings->getStrictMixedContentCheckingForPlugin());
 
   // If we're loading the main resource of a subframe, we need to take a close
   // look at the loaded URL. If we're dealing with a CORS-enabled scheme, then
   // block mixed frames as active content. Otherwise, treat frames as passive
   // content.
   //
   // FIXME: Remove this temporary hack once we have a reasonable API for
   // launching external applications via URLs. http://crbug.com/318788 and
   // https://crbug.com/393481
   if (frameType == WebURLRequest::FrameTypeNested &&
       !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol()))
-    contextType = WebMixedContent::ContextType::OptionallyBlockable;
+    contextType = WebMixedContentContextType::OptionallyBlockable;
 
   switch (contextType) {
-    case WebMixedContent::ContextType::OptionallyBlockable:
+    case WebMixedContentContextType::OptionallyBlockable:
       allowed = !strictMode;
       if (allowed) {
         client->passiveInsecureContentFound(url);
         client->didDisplayInsecureContent();
       }
       break;
 
-    case WebMixedContent::ContextType::Blockable: {
+    case WebMixedContentContextType::Blockable: {
       // Strictly block subresources that are mixed with respect to their
       // subframes, unless all insecure content is allowed. This is to avoid the
       // following situation: https://a.com embeds https://b.com, which loads a
       // script over insecure HTTP. The user opts to allow the insecure content,
       // thinking that they are allowing an insecure script to run on
       // https://a.com and not realizing that they are in fact allowing an
       // insecure script on https://b.com.
       if (!settings->getAllowRunningOfInsecureContent() &&
           requestIsSubframeSubresource(effectiveFrame, frameType) &&
           isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) {
@@ skipping 11 matching lines @@
                 client->allowRunningInsecureContent(
                     settings && settings->getAllowRunningOfInsecureContent(),
                     securityOrigin, url);
       if (allowed) {
         client->didRunInsecureContent(securityOrigin, url);
         UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed);
       }
       break;
     }
 
-    case WebMixedContent::ContextType::ShouldBeBlockable:
+    case WebMixedContentContextType::ShouldBeBlockable:
       allowed = !strictMode;
       if (allowed)
         client->didDisplayInsecureContent();
       break;
-    case WebMixedContent::ContextType::NotMixedContent:
+    case WebMixedContentContextType::NotMixedContent:
       NOTREACHED();
       break;
   };
 
   if (reportingStatus == SendReport) {
     logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url,
                            requestContext, allowed);
   }
   return !allowed;
 }
@@ skipping 147 matching lines @@
   Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);
   if (frameType == WebURLRequest::FrameTypeTopLevel || !effectiveFrame)
     return;
 
   // Use the current local frame's client; the embedder doesn't distinguish
   // mixed content signals from different frames on the same page.
   FrameLoaderClient* client = frame->loader().client();
   bool strictMixedContentCheckingForPlugin =
       effectiveFrame->settings() &&
       effectiveFrame->settings()->getStrictMixedContentCheckingForPlugin();
-  WebMixedContent::ContextType contextType =
+  WebMixedContentContextType contextType =
       WebMixedContent::contextTypeFromRequestContext(
           requestContext, strictMixedContentCheckingForPlugin);
-  if (contextType == WebMixedContent::ContextType::Blockable) {
+  if (contextType == WebMixedContentContextType::Blockable) {
     client->didRunContentWithCertificateErrors(response.url());
   } else {
     // contextTypeFromRequestContext() never returns NotMixedContent (it
     // computes the type of mixed content, given that the content is mixed).
-    DCHECK_NE(contextType, WebMixedContent::ContextType::NotMixedContent);
+    DCHECK_NE(contextType, WebMixedContentContextType::NotMixedContent);
     client->didDisplayContentWithCertificateErrors(response.url());
   }
 }
 
-WebMixedContent::ContextType MixedContentChecker::contextTypeForInspector(
+// static
+void MixedContentChecker::mixedContentFoundByTheBrowser(
+    LocalFrame* frame,
+    const KURL& mainResourceUrl,
+    const KURL& mixedContentUrl,
+    WebURLRequest::RequestContext requestContext,
+    bool wasAllowed,
+    bool hadRedirect) {
+  logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl,
+                         requestContext, wasAllowed);
+  ContentSecurityPolicy* policy =
+      frame->securityContext()->contentSecurityPolicy();
+  if (policy) {
+    policy->reportMixedContent(
+        mixedContentUrl, hadRedirect
+                             ? ResourceRequest::RedirectStatus::FollowedRedirect
+                             : ResourceRequest::RedirectStatus::NoRedirect);
+  }
+}
+
+WebMixedContentContextType MixedContentChecker::contextTypeForInspector(
     LocalFrame* frame,
     const ResourceRequest& request) {
   Frame* effectiveFrame =
       effectiveFrameForFrameType(frame, request.frameType());
 
   Frame* mixedFrame = inWhichFrameIsContentMixed(
       effectiveFrame, request.frameType(), request.url());
   if (!mixedFrame)
-    return WebMixedContent::ContextType::NotMixedContent;
+    return WebMixedContentContextType::NotMixedContent;
 
   // See comment in shouldBlockFetch() about loading the main resource of a
   // subframe.
   if (request.frameType() == WebURLRequest::FrameTypeNested &&
       !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(
           request.url().protocol())) {
-    return WebMixedContent::ContextType::OptionallyBlockable;
+    return WebMixedContentContextType::OptionallyBlockable;
   }
 
   bool strictMixedContentCheckingForPlugin =
       mixedFrame->settings() &&
       mixedFrame->settings()->getStrictMixedContentCheckingForPlugin();
   return WebMixedContent::contextTypeFromRequestContext(
       request.requestContext(), strictMixedContentCheckingForPlugin);
 }
 
 }  // namespace blink